Diffstat (limited to 'frontend/beta/js/Clipperz/PM') (more/less context) (ignore whitespace changes)
5 files changed, 56 insertions, 21 deletions
diff --git a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js index 2295d3f..369b9ce 100644 --- a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js +++ b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js @@ -1,283 +1,283 @@ /* Copyright 2008-2013 Clipperz Srl This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. * Clipperz is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.PM) == 'undefined') { Clipperz.PM = {}; } //if (typeof(Clipperz.PM.BookmarkletProcessor) == 'undefined') { Clipperz.PM.BookmarkletProcessor = {}; } //if (typeof(Clipperz.PM.BookmarkletProcessor.versions) == 'undefined') { Clipperz.PM.BookmarkletProcessor.versions = {}; } /* Clipperz.PM.BookmarkletProcessor.versions['abstract'] = function(anUser, aConfiguration) { this._user = anUser; this._configuration = aConfiguration; this._recordTitle = null; this._record = null; this._editableFields = null; return this; } Clipperz.PM.BookmarkletProcessor.versions['abstract'].prototype = MochiKit.Base.update(null, { 'toString': function() { return "BookmarkletProcessor - " + this.user(); }, //------------------------------------------------------------------------- 'user': function() { return this._user; }, //------------------------------------------------------------------------- 'configuration': function() { return this._configuration; }, //------------------------------------------------------------------------- 'record': function() { throw Clipperz.Base.exception.AbstractMethod; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); */ Clipperz.PM.BookmarkletProcessor = function(anUser, aConfiguration) { this._user = anUser; this._configuration = aConfiguration; this._recordTitle = null; this._record = null; this._editableFields = null; this._favicon = null; return this; } Clipperz.PM.BookmarkletProcessor.prototype = MochiKit.Base.update(null, { 'toString': function() { return "BookmarkletProcessor - " + this.user(); }, //------------------------------------------------------------------------- 'user': function() { return this._user; }, //------------------------------------------------------------------------- 'configuration': function() { return this._configuration; }, //------------------------------------------------------------------------- 'recordTitle': function() { if (this._recordTitle == null) { this._recordTitle = this.configuration().page.title; } return this._recordTitle; }, //------------------------------------------------------------------------- 'fields': function() { return this.configuration().form.inputs; }, //------------------------------------------------------------------------- 'editableFields': function() { if (this._editableFields == null) { this._editableFields = MochiKit.Base.filter(function(aField) { var result; var type; type = aField['type'].toLowerCase(); result = ((type != 'hidden') && (type != 'submit') && (type != 'checkbox') && (type != 'radio') && (type != 'select')); return result; }, this.fields()) } return this._editableFields; }, //------------------------------------------------------------------------- 'hostname': function() { if (this._hostname == null) { var actionUrl; - actionUrl = this.configuration()['form']['attributes']['action']; + actionUrl = Clipperz.Base.sanitizeUrl(this.configuration()['form']['attributes']['action']); //MochiKit.Logging.logDebug("+++ actionUrl: " + actionUrl); this._hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1'); } return this._hostname; }, 'favicon': function() { if (this._favicon == null) { this._favicon = "http://" + this.hostname() + "/favicon.ico"; //MochiKit.Logging.logDebug("+++ favicon: " + this._favicon); } return this._favicon; }, //------------------------------------------------------------------------- 'record': function() { if (this._record == null) { var record; var recordVersion; var directLogin; var bindings; var i,c; record = new Clipperz.PM.DataModel.Record({ label:this.recordTitle(), notes:"", user:this.user() }); recordVersion = new Clipperz.PM.DataModel.RecordVersion(record, {}) record.setCurrentVersion(recordVersion); bindings = {}; c = this.editableFields().length; for (i=0; i<c; i++) { var formField; var recordField; //MochiKit.Logging.logDebug(">>> adding a field"); formField = this.editableFields()[i]; recordField = new Clipperz.PM.DataModel.RecordField({ recordVersion:recordVersion, label:formField['name'], value:formField['value'], type:Clipperz.PM.Strings.inputTypeToRecordFieldType[formField['type']], hidden:false }); recordVersion.addField(recordField); bindings[formField['name']] = recordField.key(); //MochiKit.Logging.logDebug("<<< adding a field"); } directLogin = new Clipperz.PM.DataModel.DirectLogin({ record:record, label:this.recordTitle() + Clipperz.PM.Strings['newDirectLoginLabelSuffix'], // bookmarkletVersion:this.version(), bookmarkletVersion:'0.2', favicon:this.favicon(), formData:this.configuration()['form'], bindingData:bindings }); record.addDirectLogin(directLogin); this.user().addRecord(record); this._record = record; } return this._record; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.PM.BookmarkletProcessor.createRecordFromBookmarkletConfiguration = function(anUser, aConfiguration) { var processor; processor = new Clipperz.PM.BookmarkletProcessor(anUser, aConfiguration); return processor.record(); }; //----------------------------------------------------------------------------- Clipperz.PM.BookmarkletProcessor.sanitizeBookmarkletConfiguration = function(aConfiguration) { var result; // throw "XSS Bookmarklet attempt"; result = aConfiguration; return result; }; //----------------------------------------------------------------------------- Clipperz.PM.BookmarkletProcessor.checkBookmarkletConfiguration = function(aConfiguration, aButton, aCallback) { var result; try { result = Clipperz.Base.evalJSON(aConfiguration); result = Clipperz.PM.BookmarkletProcessor.sanitizeBookmarkletConfiguration(result); if (result['version'] != '0.2.3') { throw "WrongBookmarkletVersion"; } } catch (exception) { var title; var message; if (exception == "WrongBookmarkletVersion") { title = Clipperz.PM.Strings['newRecordPanelWrongBookmarkletVersionExceptionTitle']; message = Clipperz.PM.Strings['newRecordPanelWrongBookmarkletVersionExceptionMessage']; } else { title = Clipperz.PM.Strings['newRecordPanelGeneralExceptionTitle']; message = Clipperz.PM.Strings['newRecordPanelGeneralExceptionMessage']; } Clipperz.PM.Components.MessageBox().show({ title:title, text:message, width:240, fn:aCallback, closable:false, showProgressBar:false, showCloseButton:false, buttons:{'ok':Clipperz.PM.Strings['newRecordPanelExceptionPanelCloseButtonLabel']} }, aButton); throw exception; } return result; }; //----------------------------------------------------------------------------- diff --git a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js index 0e4640e..a5a4697 100644 --- a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js +++ b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js @@ -1,169 +1,169 @@ /* Copyright 2008-2013 Clipperz Srl This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. * Clipperz is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.PM) == 'undefined') { Clipperz.PM = {}; } if (typeof(Clipperz.PM.Components) == 'undefined') { Clipperz.PM.Components = {}; } if (typeof(Clipperz.PM.Components.RecordDetail) == 'undefined') { Clipperz.PM.Components.RecordDetail = {}; } //############################################################################# Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent = function(anElement, args) { //MochiKit.Logging.logDebug(">>> new DirectLoginBindingComponent"); args = args || {}; Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent.superclass.constructor.call(this, anElement, args); this._directLoginBinding = args.directLoginBinding || null; this.render(); Clipperz.NotificationCenter.register(this.record(), 'addNewRecordField', this, 'syncAndUpdateEditMode'); Clipperz.NotificationCenter.register(this.record(), 'removedField', this, 'syncAndUpdateEditMode'); Clipperz.NotificationCenter.register(this.record(), 'updatedFieldLabel', this, 'syncAndUpdateEditMode'); //MochiKit.Logging.logDebug("<<< new DirectLoginBindingComponent"); return this; } //============================================================================= YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, Clipperz.PM.Components.RecordDetail.AbstractComponent, { 'toString': function() { return "Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent component"; }, //------------------------------------------------------------------------- 'directLoginBinding': function() { return this._directLoginBinding; }, //------------------------------------------------------------------------- 'render': function() { // Clipperz.YUI.DomHelper.append(this.element().dom, {tag:'span', style:'font-weight:bold;', html:this.directLoginBinding().key()}) // Clipperz.YUI.DomHelper.append(this.element().dom, {tag:'span', html:this.directLoginBinding().value()}) //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.render"); Clipperz.YUI.DomHelper.append(this.element().dom, {tag:'td', cls:'directLoginBindingLabelTD', children:[ {tag:'span', html:this.directLoginBinding().key()} ]}); //MochiKit.Logging.logDebug("--- DirectLoginBindingComponent.render - 1"); Clipperz.YUI.DomHelper.append(this.element().dom, {tag:'td', cls:'directLoginBindingValueTD', children:[ {tag:'div', id:this.getId('editModeBox'), children:[ {tag:'select', id:this.getId('select'), children:this.recordFieldOptions()} ]}, {tag:'div', id:this.getId('viewModeBox'), children:[ {tag:'span', id:this.getId('viewValue'), html:""} ]} ]}); //MochiKit.Logging.logDebug("--- DirectLoginBindingComponent.render - 2"); this.getElement('editModeBox').setVisibilityMode(YAHOO.ext.Element.DISPLAY); this.getElement('viewModeBox').setVisibilityMode(YAHOO.ext.Element.DISPLAY); this.update(); //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.render"); }, //------------------------------------------------------------------------- 'recordFieldOptions': function() { var result; var option; var recordFieldKey; var recordFields; //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.recordFieldOptions"); recordFields = this.directLoginBinding().directLogin().record().currentVersion().fields(); result = []; option = {tag:'option', value:null, html:'---'}; result.push(option); for (recordFieldKey in recordFields) { // TODO: remove the value: field and replace it with element.dom.value = <some value> - option = {tag:'option', value:recordFieldKey, html:recordFields[recordFieldKey].label()} + option = {tag:'option', value:recordFieldKey, html:Clipperz.Base.sanitizeString(recordFields[recordFieldKey].label())} if (recordFieldKey == this.directLoginBinding().fieldKey()) { option['selected'] = true; } result.push(option); } //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.recordFieldOptions"); return result; }, //------------------------------------------------------------------------- 'syncAndUpdateEditMode': function() { this.synchronizeComponentValues(); this.updateEditMode(); }, 'updateEditMode': function() { var selectElementBox; //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.updateEditMode"); this.getElement('viewModeBox').hide(); selectElementBox = this.getElement('editModeBox'); selectElementBox.update(""); Clipperz.YUI.DomHelper.append(selectElementBox.dom, {tag:'select', id:this.getId('select'), children:this.recordFieldOptions()}); /* selectElement = this.getElement('select'); selectElement.update(""); MochiKit.Iter.forEach(this.recordFieldOptions(), function(anOption) { Clipperz.YUI.DomHelper.append(selectElement.dom, anOption); }); */ this.getElement('editModeBox').show(); //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateEditMode"); }, //------------------------------------------------------------------------- 'updateViewMode': function() { //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.updateViewMode"); this.getElement('editModeBox').hide(); this.getElement('viewModeBox').show(); - this.getElement('viewValue').update(this.directLoginBinding().field().label()); + this.getElement('viewValue').update(Clipperz.Base.sanitizeString(this.directLoginBinding().field().label())); //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateViewMode"); }, //------------------------------------------------------------------------- 'synchronizeComponentValues': function() { //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.synchronizeComponentValues") //MochiKit.Logging.logDebug("--- DirectLoginBindingComponent.synchronizeComponentValues - 1 - " + this.getId('select')); this.directLoginBinding().setFieldKey(this.getDom('select').value); //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.synchronizeComponentValues"); }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js index c0cfa3c..56d9d59 100644 --- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js +++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js @@ -1,531 +1,539 @@ /* Copyright 2008-2013 Clipperz Srl This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. * Clipperz is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.PM) == 'undefined') { Clipperz.PM = {}; } if (typeof(Clipperz.PM.DataModel) == 'undefined') { Clipperz.PM.DataModel = {}; } //############################################################################# Clipperz.PM.DataModel.DirectLogin = function(args) { //MochiKit.Logging.logDebug(">>> new Clipperz.PM.DataModel.DirectLogin"); //console.log(">>> new Clipperz.PM.DataModel.DirectLogin - args: %o", args); //console.log("--- formData: %s", Clipperz.Base.serializeJSON(args.formData)); args = args || {}; //MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args))); this._record = args.record || null; this._label = args.label || "unnamed record" this._reference = args.reference || Clipperz.PM.Crypto.randomKey(); - this._favicon = args.favicon || null; + this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null; this._bookmarkletVersion = args.bookmarkletVersion || "0.1"; this._directLoginInputs = null; this._formValues = args.formValues || {}; this.setFormData(args.formData || null); //console.log("=== formData: %o", this.formData()); if (args.legacyBindingData == null) { this.setBindingData(args.bindingData || null); } else { this.setLegacyBindingData(args.legacyBindingData); } this._fixedFavicon = null; // this._formValues = args.formValues || (this.hasValuesToSet() ? {} : null); //MochiKit.Logging.logDebug("<<< new Clipperz.PM.DataModel.DirectLogin"); return this; } Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { 'remove': function() { this.record().removeDirectLogin(this); }, //------------------------------------------------------------------------- 'record': function() { return this._record; }, //------------------------------------------------------------------------- 'user': function() { return this.record().user(); }, //------------------------------------------------------------------------- 'reference': function() { return this._reference; }, //------------------------------------------------------------------------- 'label': function() { return this._label; }, 'setLabel': function(aValue) { this._label = aValue; }, //------------------------------------------------------------------------- 'favicon': function() { if (this._favicon == null) { var actionUrl; var hostname; - actionUrl = this.formData()['attributes']['action']; + actionUrl = this.action(); hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1'); - this._favicon = "http://" + hostname + "/favicon.ico"; + this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico"); } return this._favicon; }, //------------------------------------------------------------------------- 'fixedFavicon': function() { var result; if (this._fixedFavicon == null) { result = this.favicon(); if (Clipperz_IEisBroken) { if (this.user().preferences().disableUnsecureFaviconLoadingForIE()) { if (result.indexOf('https://') != 0) { result = Clipperz.PM.Strings['defaultFaviconUrl_IE']; this.setFixedFavicon(result); } } } } else { result = this._fixedFavicon; } return result; }, 'setFixedFavicon': function(aValue) { this._fixedFavicon = aValue; }, + 'action': function () { + var result; + + result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']); + + return result; + }, + //------------------------------------------------------------------------- 'bookmarkletVersion': function() { return this._bookmarkletVersion; }, 'setBookmarkletVersion': function(aValue) { this._bookmarkletVersion = aValue; }, //------------------------------------------------------------------------- 'formData': function() { return this._formData; }, 'setFormData': function(aValue) { var formData; //MochiKit.Logging.logDebug(">>> DirectLogin.setFormData - " + Clipperz.Base.serializeJSON(aValue)); switch (this.bookmarkletVersion()) { case "0.2": formData = aValue; break; case "0.1": //MochiKit.Logging.logDebug("--- DirectLogin.setFormData - fixing form data from bookmarklet version 0.1"); formData = this.fixFormDataFromBookmarkletVersion_0_1(aValue); break; } this._formData = aValue; this.setBookmarkletVersion("0.2"); //MochiKit.Logging.logDebug("--- DirectLogin.setFormData - formData: " + Clipperz.Base.serializeJSON(formData)); if (formData != null) { var i,c; this._directLoginInputs = []; c = formData['inputs'].length; for (i=0; i<c; i++) { var directLoginInput; directLoginInput = new Clipperz.PM.DataModel.DirectLoginInput(this, formData['inputs'][i]); this._directLoginInputs.push(directLoginInput); } } //MochiKit.Logging.logDebug("<<< DirectLogin.setFormData"); }, 'fixFormDataFromBookmarkletVersion_0_1': function(aValue) { //{"type":"radio", "name":"action", "value":"new-user", "checked":false }, { "type":"radio", "name":"action", "value":"sign-in", "checked":true } // || // \ / // \/ //{"name":"dominio", "type":"radio", "options":[{"value":"@alice.it", "checked":true}, {"value":"@tin.it", "checked":false}, {"value":"@virgilio.it", "checked":false}, {"value":"@tim.it", "checked":false}]} var result; var inputs; var updatedInputs; var radios; //MochiKit.Logging.logDebug(">>> DirectLogin.fixFormDataFromBookmarkletVersion_0_1"); result = aValue; inputs = aValue['inputs']; updatedInputs = MochiKit.Base.filter(function(anInput) { var result; var type; type = anInput['type'] || 'text'; result = type.toLowerCase() != 'radio'; return result; }, inputs); radios = MochiKit.Base.filter(function(anInput) { var result; var type; type = anInput['type'] || 'text'; result = type.toLowerCase() == 'radio'; return result; }, inputs); if (radios.length > 0) { var updatedRadios; updatedRadios = {}; MochiKit.Iter.forEach(radios, MochiKit.Base.bind(function(aRadio) { var radioConfiguration; radioConfiguration = updatedRadios[aRadio['name']]; if (radioConfiguration == null) { radioConfiguration = {type:'radio', name:aRadio['name'], options:[]}; updatedRadios[aRadio['name']] = radioConfiguration; } // TODO: remove the value: field and replace it with element.dom.value = <some value> radioConfiguration.options.push({value:aRadio['value'], checked:aRadio['checked']}); if ((aRadio['checked'] == true) && (this.formValues()[aRadio['name']] == null)) { //MochiKit.Logging.logDebug("+++ setting value '" + aRadio['value'] + "' for key: '" + aRadio['name'] + "'"); this.formValues()[aRadio['name']] = aRadio['value']; } }, this)) updatedInputs = MochiKit.Base.concat(updatedInputs, MochiKit.Base.values(updatedRadios)); } delete result.inputs; result.inputs = updatedInputs; //MochiKit.Logging.logDebug("<<< DirectLogin.fixFormDataFromBookmarkletVersion_0_1"); return result; }, //......................................................................... 'directLoginInputs': function() { return this._directLoginInputs; }, //------------------------------------------------------------------------- 'formValues': function() { return this._formValues; }, 'hasValuesToSet': function() { var result; //MochiKit.Logging.logDebug(">>> DirectLogin.hasValuesToSet"); if (this.directLoginInputs() != null) { result = MochiKit.Iter.some(this.directLoginInputs(), MochiKit.Base.methodcaller('shouldSetValue')); } else { result = false; } //MochiKit.Logging.logDebug("<<< DirectLogin.hasValuesToSet"); return result; }, // 'additionalValues': function() { 'inputsRequiringAdditionalValues': function() { var result; var inputs; //MochiKit.Logging.logDebug(">>> DirectLogin.additionalValues"); result = {}; if (this.directLoginInputs() != null) { inputs = MochiKit.Base.filter(MochiKit.Base.methodcaller('shouldSetValue'), this.directLoginInputs()); MochiKit.Iter.forEach(inputs, function(anInput) { result[anInput.name()] = anInput; }) } //MochiKit.Logging.logDebug("<<< DirectLogin.additionalValues"); return result; }, //------------------------------------------------------------------------- 'bindingData': function() { return this._bindingData; }, 'setBindingData': function(aValue) { //MochiKit.Logging.logDebug(">>> DirectLogin.setBindingData"); if (aValue != null) { var bindingKey; this._bindingData = aValue; this._bindings = {}; for (bindingKey in aValue) { var directLoginBinding; directLoginBinding = new Clipperz.PM.DataModel.DirectLoginBinding(this, bindingKey, {fieldKey:aValue[bindingKey]}); this._bindings[bindingKey] = directLoginBinding; } } else { var editableFields; var bindings; bindings = {}; editableFields = MochiKit.Base.filter(function(aField) { var result; var type; type = aField['type'].toLowerCase(); result = ((type != 'hidden') && (type != 'submit') && (type != 'checkbox') && (type != 'radio') && (type != 'select')); return result; }, this.formData().inputs); MochiKit.Iter.forEach(editableFields, function(anEditableField) { bindings[anEditableField['name']] = new Clipperz.PM.DataModel.DirectLoginBinding(this, anEditableField['name']); }, this); this._bindings = bindings; } //MochiKit.Logging.logDebug("<<< DirectLogin.setBindingData"); }, 'setLegacyBindingData': function(aValue) { //MochiKit.Logging.logDebug(">>> DirectLogin.setLegacyBindingData"); var bindingKey; this._bindingData = aValue; this._bindings = {}; for (bindingKey in aValue) { var directLoginBinding; directLoginBinding = new Clipperz.PM.DataModel.DirectLoginBinding(this, bindingKey, {fieldName:aValue[bindingKey]}); this._bindings[bindingKey] = directLoginBinding; } //MochiKit.Logging.logDebug("<<< DirectLogin.setLegacyBindingData"); }, //......................................................................... 'bindings': function() { return this._bindings; }, //------------------------------------------------------------------------- 'serializedData': function() { var result; var bindingKey; result = {}; // result.reference = this.reference(); result.label = this.label(); result.favicon = this.favicon() || ""; result.bookmarkletVersion = this.bookmarkletVersion(); result.formData = this.formData(); if (this.hasValuesToSet) { result.formValues = this.formValues(); } result.bindingData = {}; for (bindingKey in this.bindings()) { result.bindingData[bindingKey] = this.bindings()[bindingKey].serializedData(); } return result; }, //------------------------------------------------------------------------- 'handleMissingFaviconImage': function(anEvent) { anEvent.stop(); MochiKit.Signal.disconnectAll(anEvent.src()); this.setFixedFavicon(Clipperz.PM.Strings['defaultFaviconUrl']); anEvent.src().src = this.fixedFavicon(); }, //========================================================================= 'runHttpAuthDirectLogin': function(aWindow) { MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() { var completeUrl; var url; url = this.bindings()['url'].field().value(); if (/^https?\:\/\//.test(url) == false) { url = 'http://' + url; } if (Clipperz_IEisBroken === true) { completeUrl = url; } else { var username; var password; username = this.bindings()['username'].field().value(); password = this.bindings()['password'].field().value(); /(^https?\:\/\/)?(.*)/.test(url); completeUrl = RegExp.$1 + username + ':' + password + '@' + RegExp.$2; } MochiKit.DOM.currentWindow().location.href = completeUrl; }, this)); }, //------------------------------------------------------------------------- 'runSubmitFormDirectLogin': function(aWindow) { MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() { var formElement; var formSubmitFunction; var submitButtons; //MochiKit.Logging.logDebug("### runDirectLogin - 3"); // MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>') //MochiKit.Logging.logDebug("### runDirectLogin - 3.1"); MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ...")); //MochiKit.Logging.logDebug("### runDirectLogin - 4"); //console.log(this.formData()['attributes']); formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, { 'method':this.formData()['attributes']['method'], - 'action':this.formData()['attributes']['action']})); + 'action': this.action()})); //MochiKit.Logging.logDebug("### runDirectLogin - 5"); formSubmitFunction = MochiKit.Base.method(formElement, 'submit'); //MochiKit.Logging.logDebug("### runDirectLogin - 6"); MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement) ); //MochiKit.Logging.logDebug("### runDirectLogin - 7"); MochiKit.DOM.appendChildNodes(formElement, MochiKit.Base.map( MochiKit.Base.methodcaller("formConfiguration"), this.directLoginInputs())); //MochiKit.Logging.logDebug("### runDirectLogin - 8"); submitButtons = MochiKit.Base.filter(function(anInputElement) { //MochiKit.Logging.logDebug("### runDirectLogin - 8.1 - " + anInputElement); //MochiKit.Logging.logDebug("### runDirectLogin - 8.2 - " + anInputElement.tagName); //MochiKit.Logging.logDebug("### runDirectLogin - 8.3 - " + anInputElement.getAttribute('type')); return ((anInputElement.tagName.toLowerCase() == 'input') && (anInputElement.getAttribute('type').toLowerCase() == 'submit')); }, formElement.elements) //MochiKit.Logging.logDebug("### runDirectLogin - 9"); if (submitButtons.length == 0) { //MochiKit.Logging.logDebug("### OLD submit") if (Clipperz_IEisBroken == true) { //MochiKit.Logging.logDebug("### runDirectLogin - 10"); formElement.submit(); } else { //MochiKit.Logging.logDebug("### runDirectLogin - 11"); formSubmitFunction(); } } else { //MochiKit.Logging.logDebug("### NEW submit") submitButtons[0].click(); } }, this)); }, //------------------------------------------------------------------------- 'runDirectLogin': function(aNewWindow) { var newWindow; //console.log("formData.attributes", this.formData()['attributes']); // if (/^javascript/.test(this.formData()['attributes']['action'])) { - if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) && - (this.formData()['attributes']['type'] != 'http_auth')) - { + if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) && + (this.formData()['attributes']['type'] != 'http_auth') + ) { var messageBoxConfiguration; if (typeof(aNewWindow) != 'undefined') { aNewWindow.close(); } messageBoxConfiguration = {}; messageBoxConfiguration.title = Clipperz.PM.Strings['VulnerabilityWarning_Panel_title']; messageBoxConfiguration.msg = Clipperz.PM.Strings['VulnerabilityWarning_Panel_message']; messageBoxConfiguration.animEl = YAHOO.ext.Element.get("mainDiv"); messageBoxConfiguration.progress = false; messageBoxConfiguration.closable = false; messageBoxConfiguration.buttons = {'cancel': Clipperz.PM.Strings['VulnerabilityWarning_Panel_buttonLabel']}; Clipperz.YUI.MessageBox.show(messageBoxConfiguration); throw Clipperz.Base.exception.VulnerabilityIssue; } //MochiKit.Logging.logDebug("### runDirectLogin - 1 : " + Clipperz.Base.serializeJSON(this.serializedData())); if (typeof(aNewWindow) == 'undefined') { newWindow = window.open(Clipperz.PM.Strings['directLoginJumpPageUrl'], ""); } else { newWindow = aNewWindow; } //MochiKit.Logging.logDebug("### runDirectLogin - 2"); if (this.formData()['attributes']['type'] == 'http_auth') { this.runHttpAuthDirectLogin(newWindow); } else { this.runSubmitFormDirectLogin(newWindow) } }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js index 236d7c9..ba302da 100644 --- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js +++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js @@ -1,187 +1,187 @@ /* Copyright 2008-2013 Clipperz Srl This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. * Clipperz is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.PM) == 'undefined') { Clipperz.PM = {}; } if (typeof(Clipperz.PM.DataModel) == 'undefined') { Clipperz.PM.DataModel = {}; } //############################################################################# Clipperz.PM.DataModel.DirectLoginReference = function(args) { args = args || {}; //MochiKit.Logging.logDebug(">>> new DirectLoginReference: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args))); //MochiKit.Logging.logDebug(">>> new DirectLoginReference - record: " + args.record); this._user = args.user; if (args.directLogin != null) { this._reference = args.directLogin.reference(); this._recordReference = args.directLogin.record().reference(); this._label = args.directLogin.label(); this._favicon = args.directLogin.favicon() || null; this._directLogin = args.directLogin; this._record = args.directLogin.record(); } else { this._reference = args.reference; this._recordReference = args.record; this._label = args.label; - this._favicon = args.favicon || null; + this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null; this._directLogin = null; this._record = null; } this._fixedFavicon = null; return this; } Clipperz.PM.DataModel.DirectLoginReference.prototype = MochiKit.Base.update(null, { 'user': function() { return this._user; }, //------------------------------------------------------------------------- 'reference': function() { return this._reference; }, //------------------------------------------------------------------------- 'synchronizeValues': function(aDirectLogin) { this._label = aDirectLogin.label(); this._favicon = aDirectLogin.favicon(); }, //------------------------------------------------------------------------- 'label': function() { return this._label; }, //------------------------------------------------------------------------- 'recordReference': function() { return this._recordReference; }, //------------------------------------------------------------------------- 'record': function() { //MochiKit.Logging.logDebug(">>> DirectLoginReference.record"); if (this._record == null) { this._record = this.user().records()[this.recordReference()]; } //MochiKit.Logging.logDebug("<<< DirectLoginReference.record"); return this._record; }, //------------------------------------------------------------------------- 'favicon': function() { return this._favicon; }, //------------------------------------------------------------------------- 'fixedFavicon': function() { var result; if (this._fixedFavicon == null) { result = this.favicon(); if (Clipperz_IEisBroken && (this.user().preferences().disableUnsecureFaviconLoadingForIE()) && (result.indexOf('https://') != 0)) { result = Clipperz.PM.Strings['defaultFaviconUrl_IE']; this.setFixedFavicon(result); } } else { result = this._fixedFavicon; } return result; }, 'setFixedFavicon': function(aValue) { this._fixedFavicon = aValue; }, //------------------------------------------------------------------------- 'setupJumpPageWindow': function(aWindow) { //MochiKit.Logging.logDebug(">>> DirectLoginReference.setupJumpPageWindow - " + aWindow); try { MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() { MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H1(null, "Loading " + this.label()) ); }, this)); } catch(e) { MochiKit.Logging.logDebug("EXCEPTION: " + e); } //MochiKit.Logging.logDebug("<<< DirectLoginReference.setupJumpPageWindow"); }, //------------------------------------------------------------------------- 'deferredDirectLogin': function() { var deferredResult; //MochiKit.Logging.logDebug(">>> DirectLoginReference.deferredDirectLogin - " + this); deferredResult = new MochiKit.Async.Deferred(); //MochiKit.Logging.logDebug("--- DirectLoginReference.deferredDirectLogin - 1"); deferredResult.addCallback(MochiKit.Base.method(this.record(), 'deferredData')); //MochiKit.Logging.logDebug("--- DirectLoginReference.deferredDirectLogin - 2"); deferredResult.addCallback(function(aRecord, aDirectLoginReference) { return aRecord.directLogins()[aDirectLoginReference]; }, this.record(), this.reference()); //MochiKit.Logging.logDebug("--- DirectLoginReference.deferredDirectLogin - 3"); deferredResult.callback(); //MochiKit.Logging.logDebug("<<< DirectLoginReference.deferredDirectLogin"); return deferredResult; }, //------------------------------------------------------------------------- 'handleMissingFaviconImage': function(anEvent) { //MochiKit.Logging.logDebug(">>> DirectLoginReference.handleMissingFaviconImage"); anEvent.stop(); MochiKit.Signal.disconnectAll(anEvent.src()); this.setFixedFavicon(Clipperz.PM.Strings['defaultFaviconUrl']); //MochiKit.Logging.logDebug("--- DirectLoginReference.handleMissingFaviconImage - fixedFavicon: " + this.fixedFavicon()); //MochiKit.Logging.logDebug("--- DirectLoginReference.handleMissingFaviconImage - anEvent.src().src: " + anEvent.src().src); // MochiKit.DOM.swapDOM(anEvent.src(), MochiKit.DOM.IMG({src:'this.fixedFavicon()'})); anEvent.src().src = this.fixedFavicon(); //MochiKit.Logging.logDebug("<<< DirectLoginReference.handleMissingFaviconImage"); }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); diff --git a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js index 1a5caff..b0b9b63 100644 --- a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js +++ b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js @@ -1,799 +1,826 @@ /* Copyright 2008-2013 Clipperz Srl This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. * Clipperz is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. * Clipperz is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.PM.Proxy.Offline.DataStore depends on Clipperz.PM.Proxy.Offline!"; } //============================================================================= Clipperz.PM.Proxy.Offline.DataStore = function(args) { args = args || {}; this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null); this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly); this._shouldPayTolls = args.shouldPayTolls || false; this._tolls = {}; this._connections = {}; + this._C = null; this._b = null; this._B = null; this._A = null; this._userData = null; return this; } //Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, { Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'isReadOnly': function () { return this._isReadOnly; }, //------------------------------------------------------------------------- 'shouldPayTolls': function() { return this._shouldPayTolls; }, //------------------------------------------------------------------------- 'data': function () { return this._data; }, //------------------------------------------------------------------------- 'tolls': function () { return this._tolls; }, //------------------------------------------------------------------------- 'connections': function () { return this._connections; }, //========================================================================= 'resetData': function() { this._data = { 'users': { 'catchAllUser': { __masterkey_test_value__: 'masterkey', s: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00', v: '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00' } } }; }, //------------------------------------------------------------------------- 'setupWithEncryptedData': function(someData) { this._data = Clipperz.Base.deepClone(someData); }, //------------------------------------------------------------------------- 'setupWithData': function(someData) { var deferredResult; var resultData; var i, c; //Clipperz.log(">>> Proxy.Test.setupWithData"); resultData = this._data; deferredResult = new MochiKit.Async.Deferred(); c = someData['users'].length; for (i=0; i<c; i++) { var newConnection; var recordConfiguration; deferredResult.addCallback(MochiKit.Base.method(this, 'userSerializedEncryptedData', someData['users'][i])); deferredResult.addCallback(MochiKit.Base.bind(function(aUserSerializationContext) { //console.log("SERIALIZED USER", aUserSerializationContext); resultData['users'][aUserSerializationContext['credentials']['C']] = { 's': aUserSerializationContext['credentials']['s'], 'v': aUserSerializationContext['credentials']['v'], 'version': aUserSerializationContext['data']['connectionVersion'], 'userDetails': aUserSerializationContext['encryptedData']['user']['header'], 'userDetailsVersion': aUserSerializationContext['encryptedData']['user']['version'], 'statistics': aUserSerializationContext['encryptedData']['user']['statistics'], 'lock': aUserSerializationContext['encryptedData']['user']['lock'], 'records': this.rearrangeRecordsData(aUserSerializationContext['encryptedData']['records']) } }, this)); } deferredResult.addCallback(MochiKit.Base.bind(function() { //console.log("this._data", resultData); this._data = resultData; }, this)); deferredResult.callback(); //Clipperz.log("<<< Proxy.Test.setupWithData"); return deferredResult; }, //========================================================================= + 'C': function() { + return this._C; + }, + + 'set_C': function(aValue) { + this._C = aValue; + }, + + //------------------------------------------------------------------------- + 'b': function() { return this._b; }, 'set_b': function(aValue) { this._b = aValue; }, //------------------------------------------------------------------------- 'B': function() { return this._B; }, 'set_B': function(aValue) { this._B = aValue; }, //------------------------------------------------------------------------- 'A': function() { return this._A; }, 'set_A': function(aValue) { this._A = aValue; }, //------------------------------------------------------------------------- 'userData': function() { return this._userData; }, 'setUserData': function(aValue) { this._userData = aValue; }, //========================================================================= 'getTollForRequestType': function (aRequestType) { var result; var targetValue; var cost; targetValue = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2); switch (aRequestType) { case 'REGISTER': cost = 5; break; case 'CONNECT': cost = 5; break; case 'MESSAGE': cost = 2; break; } result = { requestType: aRequestType, targetValue: targetValue, cost: cost } if (this.shouldPayTolls()) { this.tolls()[targetValue] = result; } return result; }, //------------------------------------------------------------------------- 'checkToll': function (aFunctionName, someParameters) { if (this.shouldPayTolls()) { var localToll; var tollParameters; tollParameters = someParameters['toll']; localToll = this.tolls()[tollParameters['targetValue']]; if (localToll != null) { if (! Clipperz.PM.Toll.validate(tollParameters['targetValue'], tollParameters['toll'], localToll['cost'])) { throw "Toll value too low."; }; } else { throw "Missing toll"; } } }, //========================================================================= - - 'processMessage': function(aFunctionName, someParameters) { + + 'processMessage': function (aFunctionName, someParameters) { var result; switch(aFunctionName) { case 'knock': result = this._knock(someParameters); break; case 'registration': this.checkToll(aFunctionName, someParameters); result = this._registration(someParameters.parameters); break; case 'handshake': this.checkToll(aFunctionName, someParameters); result = this._handshake(someParameters.parameters); break; case 'message': this.checkToll(aFunctionName, someParameters); result = this._message(someParameters.parameters); break; case 'logout': result = this._logout(someParameters.parameters); break; } return result; }, //========================================================================= '_knock': function(someParameters) { var result; result = { toll: this.getTollForRequestType(someParameters['requestType']) // toll: { // requestType: someParameters['requestType'], // targetValue: "3a1ba0be23580f902885c6c8a6b035e228ed1ca74d77de5f9bb0e0c899f07cfe", // cost: // } } return result; }, //------------------------------------------------------------------------- '_registration': function(someParameters) { //console.log("_registration", someParameters); if (this.isReadOnly() == false) { if (typeof(this.data()['users'][someParameters['credentials']['C']]) == 'undefined') { this.data()['users'][someParameters['credentials']['C']] = { 's': someParameters['credentials']['s'], 'v': someParameters['credentials']['v'], 'version': someParameters['credentials']['version'], // 'lock': someParameters['user']['lock'], 'lock': Clipperz.Crypto.Base.generateRandomSeed(), // 'maxNumberOfRecords': '100', 'userDetails': someParameters['user']['header'], 'statistics': someParameters['user']['statistics'], 'userDetailsVersion': someParameters['user']['version'], 'records': {} } } else { throw "user already exists"; } } else { - throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; + throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; } result = { result: { 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'], 'result': 'done' - }, + }, toll: this.getTollForRequestType('CONNECT') } return MochiKit.Async.succeed(result); }, //------------------------------------------------------------------------- '_handshake': function(someParameters) { var result; var nextTollRequestType; //Clipperz.log(">>> Proxy.Offline.DataStore._handshake"); result = {}; if (someParameters.message == "connect") { var userData; var randomBytes; var b, B, v; //console.log(">>> Proxy.Offline.DataStore._handshake.connect", someParameters); userData = this.data()['users'][someParameters.parameters.C]; if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) { this.setUserData(userData); } else { this.setUserData(this.data()['users']['catchAllUser']); } randomBytes = Clipperz.Crypto.Base.generateRandomSeed(); + this.set_C(someParameters.parameters.C); this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16)); v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); - this.set_B(v.add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); + this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n()))); this.set_A(someParameters.parameters.A); result['s'] = this.userData()['s']; result['B'] = this.B().asString(16); nextTollRequestType = 'CONNECT'; } else if (someParameters.message == "credentialCheck") { - var v, u, S, A, K, M1; + var v, u, s, S, A, K, M1; + var stringHash = function (aValue) { + return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); + }; //console.log(">>> Proxy.Offline.DataStore._handshake.credentialCheck", someParameters); v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16); - u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(this.B().asString(10))).toHexString(), 16); A = new Clipperz.Crypto.BigInt(this.A(), 16); + u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10))).toHexString(), 16); + s = new Clipperz.Crypto.BigInt(this.userData()['s'], 16); S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n()); - K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2); + K = stringHash(S.asString(10)); - M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10) + K)).toHexString().slice(2); + M1 = stringHash( + "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" + + stringHash(this.C()) + + s.asString(10) + + A.asString(10) + + this.B().asString(10) + + K + ); if (someParameters.parameters.M1 == M1) { var M2; - M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2); + M2 = stringHash( + A.asString(10) + + someParameters.parameters.M1 + + K + ); result['M2'] = M2; } else { throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error"); } nextTollRequestType = 'MESSAGE'; } else if (someParameters.message == "oneTimePassword") { var otpData; //console.log("HANDSHAKE WITH OTP", someParameters.parameters.oneTimePasswordKey); //console.log("someParameters", someParameters); //console.log("data.OTP", Clipperz.Base.serializeJSON(this.data()['onetimePasswords'])); otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey]; try { if (typeof(otpData) != 'undefined') { if (otpData['status'] == 'ACTIVE') { if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) { result = { 'data': otpData['data'], 'version': otpData['version'] } otpData['status'] = 'REQUESTED'; } else { otpData['status'] = 'DISABLED'; throw "The requested One Time Password has been disabled, due to a wrong keyChecksum"; } } else { throw "The requested One Time Password was not active"; } } else { throw "The requested One Time Password has not been found" } } catch (exception) { result = { 'data': Clipperz.PM.Crypto.randomKey(), 'version': Clipperz.PM.Connection.communicationProtocol.currentVersion } } nextTollRequestType = 'CONNECT'; } else { MochiKit.Logging.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message); } //console.log("<<< Proxy.Offline._handshake", result); result = { result: result, toll: this.getTollForRequestType(nextTollRequestType) } return MochiKit.Async.succeed(result); }, //------------------------------------------------------------------------- '_message': function(someParameters) { var result; result = {}; //===================================================================== // // R E A D - O N L Y M e t h o d s // //===================================================================== if (someParameters.message == 'getUserDetails') { var recordsStats; var recordReference; //try { recordsStats = {}; for (recordReference in this.userData()['records']) { recordsStats[recordReference] = { 'updateDate': this.userData()['records'][recordReference]['updateDate'] } } result['header'] = this.userDetails(); result['statistics'] = this.statistics(); result['maxNumberOfRecords'] = this.userData()['maxNumberOfRecords']; result['version'] = this.userData()['userDetailsVersion']; result['recordsStats'] = recordsStats; if (this.isReadOnly() == false) { var lock; if (typeof(this.userData()['lock']) == 'undefined') { this.userData()['lock'] = "<<LOCK>>"; } result['lock'] = this.userData()['lock']; } //} catch (exception) { // console.log("*#*#*#*#*#*#*", exception); // throw exception; //} //===================================================================== } else if (someParameters.message == 'getRecordDetail') { recordData = this.userData()['records'][someParameters['parameters']['reference']]; result['reference'] = someParameters['parameters']['reference']; result['data'] = recordData['data']; result['version'] = recordData['version']; result['creationData'] = recordData['creationDate']; result['updateDate'] = recordData['updateDate']; result['accessDate'] = recordData['accessDate']; currentVersionData = recordData['versions'][recordData['currentVersion']]; result['currentVersion'] = {}; result['currentVersion']['reference'] = recordData['currentVersion']; result['currentVersion']['version'] = currentVersionData['version']; result['currentVersion']['header'] = currentVersionData['header']; result['currentVersion']['data'] = currentVersionData['data']; result['currentVersion']['creationData'] = currentVersionData['creationDate']; result['currentVersion']['updateDate'] = currentVersionData['updateDate']; result['currentVersion']['accessDate'] = currentVersionData['accessDate']; if (typeof(currentVersionData['previousVersion']) != 'undefined') { result['currentVersion']['previousVersionKey'] = currentVersionData['previousVersionKey']; result['currentVersion']['previousVersion'] = currentVersionData['previousVersion']; } //===================================================================== // // R E A D - W R I T E M e t h o d s // //===================================================================== } else if (someParameters.message == 'upgradeUserCredentials') { if (this.isReadOnly() == false) { var parameters; parameters = someParameters.parameters; if (parameters['C'] == null) { result = Clipperz.PM.DataModel.User.exception.CredentialUpgradeFailed; } else if (parameters['s'] == null) { result = Clipperz.PM.DataModel.User.exception.CredentialUpgradeFailed; } else if (parameters['v'] == null) { result = Clipperz.PM.DataModel.User.exception.CredentialUpgradeFailed; } else if (parameters['version'] != Clipperz.PM.Connection.communicationProtocol.currentVersion) { result = Clipperz.PM.DataModel.User.exception.CredentialUpgradeFailed; } else { result = {result:"done", parameters:parameters}; } } else { throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; } //===================================================================== /* } else if (someParameters.message == 'updateData') { if (this.isReadOnly() == false) { var i, c; //console.log("###==============================================================="); //console.log("###>>>", Clipperz.Base.serializeJSON(someParameters)); //console.log("###--- userData", Clipperz.Base.serializeJSON(this.userData())); if (this.userData()['lock'] != someParameters['parameters']['user']['lock']) { throw "the lock attribute is not processed correctly" } this.userData()['userDetails'] = someParameters['parameters']['user']['header']; this.userData()['statistics'] = someParameters['parameters']['user']['statistics']; this.userData()['userDetailsVersions'] = someParameters['parameters']['user']['version']; c = someParameters['parameters']['records'].length; for (i=0; i<c; i++) { var currentRecord; var currentRecordData; currentRecordData = someParameters['parameters']['records'][i]; currentRecord = this.userData()['records'][currentRecordData['record']['reference']]; if (currentRecord == null) { } currentRecord['data'] = currentRecordData['record']['data']; currentRecord['version'] = currentRecordData['record']['version']; currentRecord['currentVersion'] = currentRecordData['currentRecordVersion']['reference']; currentRecord['versions'][currentRecordData['currentRecordVersion']['reference']] = { 'data': currentRecordData['currentRecordVersion']['data'], 'version': currentRecordData['currentRecordVersion']['version'], 'previousVersion': currentRecordData['currentRecordVersion']['previousVersion'], 'previousVersionKey': currentRecordData['currentRecordVersion']['previousVersionKey'] } } this.userData()['lock'] = Clipperz.PM.Crypto.randomKey(); result['lock'] = this.userData()['lock']; result['result'] = 'done'; //console.log("###<<< userData", Clipperz.Base.serializeJSON(this.userData())); } else { throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; } */ //===================================================================== } else if (someParameters.message == 'saveChanges') { if (this.isReadOnly() == false) { var i, c; //console.log("###==============================================================="); //console.log("###>>>", someParameters); //console.log("###>>>", Clipperz.Base.serializeJSON(someParameters)); //console.log("###--- userData", Clipperz.Base.serializeJSON(this.userData())); //console.log("###==============================================================="); //console.log("--- userData.lock ", this.userData()['lock']); //console.log("--- parameters.lock", someParameters['parameters']['user']['lock']); if (this.userData()['lock'] != someParameters['parameters']['user']['lock']) { throw "the lock attribute is not processed correctly" } this.userData()['userDetails'] = someParameters['parameters']['user']['header']; this.userData()['statistics'] = someParameters['parameters']['user']['statistics']; this.userData()['userDetailsVersions'] = someParameters['parameters']['user']['version']; c = someParameters['parameters']['records']['updated'].length; for (i=0; i<c; i++) { var currentRecord; var currentRecordData; currentRecordData = someParameters['parameters']['records']['updated'][i]; currentRecord = this.userData()['records'][currentRecordData['record']['reference']]; if ( (typeof(this.userData()['records'][currentRecordData['record']['reference']]) == 'undefined') && (typeof(currentRecordData['currentRecordVersion']) == 'undefined') ) { //console.log("######## SHIT HAPPENS"); throw "Record added without a recordVersion"; } if (currentRecord == null) { currentRecord = {}; currentRecord['versions'] = {}; currentRecord['creationDate'] = Clipperz.PM.Date.formatDateWithUTCFormat(new Date()); currentRecord['accessDate'] = Clipperz.PM.Date.formatDateWithUTCFormat(new Date()); this.userData()['records'][currentRecordData['record']['reference']] = currentRecord; } currentRecord['data'] = currentRecordData['record']['data']; currentRecord['version'] = currentRecordData['record']['version']; currentRecord['updateDate'] = Clipperz.PM.Date.formatDateWithUTCFormat(new Date()); if (typeof(currentRecordData['currentRecordVersion']) != 'undefined') { currentRecord['currentVersion'] = currentRecordData['currentRecordVersion']['reference']; currentRecord['versions'][currentRecordData['currentRecordVersion']['reference']] = { 'data': currentRecordData['currentRecordVersion']['data'], 'version': currentRecordData['currentRecordVersion']['version'], 'previousVersion': currentRecordData['currentRecordVersion']['previousVersion'], 'previousVersionKey': currentRecordData['currentRecordVersion']['previousVersionKey'], 'creationDate': Clipperz.PM.Date.formatDateWithUTCFormat(new Date()), 'updateDate': Clipperz.PM.Date.formatDateWithUTCFormat(new Date()), 'accessDate': Clipperz.PM.Date.formatDateWithUTCFormat(new Date()) } } } c = someParameters['parameters']['records']['deleted'].length; for (i=0; i<c; i++) { var currentRecordReference; currentRecordReference = someParameters['parameters']['records']['deleted'][i]; //console.log("DELETING records", currentRecordReference); delete this.userData()['records'][currentRecordReference]; } this.userData()['lock'] = Clipperz.PM.Crypto.randomKey(); result['lock'] = this.userData()['lock']; result['result'] = 'done'; //console.log("###<<< userData", Clipperz.Base.serializeJSON(this.userData())); } else { throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly; } //===================================================================== // // U N H A N D L E D M e t h o d // //===================================================================== } else { MochiKit.Logging.logError("Clipperz.PM.Proxy.Test.message - unhandled message: " + someParameters.message); } result = { result: result, toll: this.getTollForRequestType('MESSAGE') } return MochiKit.Async.succeed(result); }, //------------------------------------------------------------------------- '_logout': function(someParameters) { return MochiKit.Async.succeed({result: 'done'}); }, //========================================================================= //######################################################################### 'isTestData': function() { return (typeof(this.userData()['__masterkey_test_value__']) != 'undefined'); }, 'userDetails': function() { var result; if (this.isTestData()) { var serializedHeader; var version; //MochiKit.Logging.logDebug("### test data"); version = this.userData()['userDetailsVersion']; serializedHeader = Clipperz.Base.serializeJSON(this.userData()['userDetails']); result = Clipperz.PM.Crypto.encryptingFunctions.versions[version].encrypt(this.userData()['__masterkey_test_value__'], serializedHeader); } else { //MochiKit.Logging.logDebug("### NOT test data"); result = this.userData()['userDetails']; } return result; }, 'statistics': function() { var result; if (this.userData()['statistics'] != null) { if (this.isTestData()) { var serializedStatistics; var version; version = this.userData()['userDetailsVersion']; serializedStatistics = Clipperz.Base.serializeJSON(this.userData()['statistics']); result = Clipperz.PM.Crypto.encryptingFunctions.versions[version].encrypt(this.userData()['__masterkey_test_value__'], serializedStatistics); } else { result = this.userData()['statistics']; } } else { result = null; } return result; }, /* 'userSerializedEncryptedData': function(someData) { var deferredResult; var deferredContext; deferredContext = { 'data': someData }; deferredResult = new Clipperz.Async.Deferred('Proxy.Test.serializeUserEncryptedData', {trace:false}); deferredResult.addCallback(MochiKit.Base.bind(function(aDeferredContext) { aDeferredContext['user'] = this.createUserUsingConfigurationData(aDeferredContext['data']); return aDeferredContext; }, this)); deferredResult.addCallback(function(aDeferredContext) { // return aDeferredContext['user'].encryptedDataUsingVersion(aDeferredContext['data']['version']); return aDeferredContext['user'].serializedDataUsingVersion(MochiKit.Base.values(aDeferredContext['user'].records()), aDeferredContext['data']['version']); }); deferredResult.addCallback(function(aUserEncryptedData) { deferredContext['encryptedData'] = aUserEncryptedData; return deferredContext; }); deferredResult.addCallback(function(aDeferredContext) { var connection; connection = new Clipperz.PM.Connection.communicationProtocol.versions[aDeferredContext['data']['connectionVersion']]() aDeferredContext['credentials'] = connection.serverSideUserCredentials(aDeferredContext['user'].username(),aDeferredContext['user'].passphrase()); return aDeferredContext; }); // deferredResult.addCallback(function(aDeferredContext) { //console.log("#-#-#-#-#", aDeferredContext); // return aDeferredContext['user'].serializedDataUsingVersion(MochiKit.Base.values(aDeferredContext['user'].records()), aDeferredContext['data']['version']); // }, deferredContext); // deferredResult.addCallback(function(aUserSerializedData) { //console.log("USER SERIALIZED DATA", aUserSerializedData); // }); // // deferredResult.addCallback(MochiKit.Async.succeed, deferredContext); deferredResult.callback(deferredContext); return deferredResult; }, 'createUserUsingConfigurationData': function(someData) { var result; var user; var recordLabel; user = new Clipperz.PM.DataModel.User(); user.initForTests(); user.setUsername(someData['username']); user.setPassphrase(someData['passphrase']); for (recordLabel in someData['records']) { var recordData; var record; var i, c; recordData = someData['records'][recordLabel]; record = new Clipperz.PM.DataModel.Record({user:user, label:recordLabel}); record.setNotes(recordData['notes']); c = recordData['fields'].length; for (i=0; i<c; i++) { var recordField; recordField = new Clipperz.PM.DataModel.RecordField(); recordField.setLabel(recordData['fields'][i]['name']); recordField.setValue(recordData['fields'][i]['value']); recordField.setType(recordData['fields'][i]['type']); record.addField(recordField); } user.addRecord(record, true); } result = user; return result; }, */ //========================================================================= __syntaxFix__: "syntax fix" }); Clipperz.PM.Proxy.Offline.DataStore['exception'] = { 'ReadOnly': new MochiKit.Base.NamedError("Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly") };
\ No newline at end of file |